Site Navigation:
security gallery3-3.0.9-1.el6 security update
Status:stable
Release: Fedora EPEL 6
Update ID: FEDORA-EPEL-2013-10756
Builds: gallery3-3.0.9-1.el6 (logs)
Pushed: True
Date Submitted: 2013-07-05 14:33:46
Date Released: 2013-07-05 20:35:40
Submitter: limb
Karma: 0
Stable karma: 3
Unstable karma: -3
Details

Fixes for CVE-2013-2240, CVE-2013-2241.

A security flaw was found in the way flowplayer SWF file handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to this file (certain URL fragments were not stripped properly when these files were called via direct URL request(s)). A remote attacker could use this flaw to conduct replay attacks.

Multiple information exposure flaws were found in the way data rest core module of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, used to previously restrict access to certain items of the photo album. A remote attacker, valid Gallery 3 user, could use this flaw to possibly obtain sensitive information (file, resize or thumb path of the item in question).

Bugs Fixed
981218 - CVE-2013-2138: gallery3 various flaws [fedora-all]
981219 - CVE-2013-2138: gallery3 various flaws [epel-6]
Feedback
bodhi - 2013-07-05 14:34:01
This update has been submitted for testing by limb.
bodhi - 2013-07-05 20:00:55
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-07-05 21:32:01
This update has been pushed to testing
bodhi - 2013-07-19 22:09:00
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-07-22 12:46:58
This update has been submitted for stable by limb.
bodhi - 2013-07-22 19:18:20
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2013-07-22 21:45:09
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters